223 Commits

Author SHA1 Message Date
Maxime Rainville
98926e4e6c [CVE-2019-19326] Stop honouring X-HTTP-Method-Override header, X-Original-Url header and _method POST variable. Add SS_HTTPRequest::setHttpMethod(). 2020-07-14 13:25:55 +12:00
Daniel Hensby
5f48b3e5d2 FIX txt/json is not a valid content type 2018-08-13 12:16:42 +01:00
Sam Minnee
fa7f1954be Fix test to match 2018-07-04 15:56:47 +12:00
Daniel Hensby
2b4954035f NEW Add better HTTP cache-control manipulation (#8086) 2018-06-08 11:56:31 +12:00
Daniel Hensby
7897b3bb25 Merge branch '3.6' into 3 2017-12-14 15:31:51 +00:00
Daniel Hensby
81150c5922 FIX Use PHP 5.3 array syntax 2017-12-14 15:24:53 +00:00
Damian Mooyman
50aa1f22a6 Merge branch '3.6' into 3 2017-12-07 13:20:58 +13:00
Damian Mooyman
25e276cf37 [ss-2017-006] Fix user agent invalidation on session startup 2017-12-01 10:55:00 +13:00
Daniel Hensby
fd201bc71b Merge branch '3.6' into 3 2017-11-25 16:18:46 +00:00
Daniel Hensby
3d3096485b TEST Uppercase file extensions return correct mime type 2017-11-16 11:01:25 +00:00
Daniel Hensby
66456138e7 Merge branch '3.6' into 3 2017-05-26 14:58:16 +01:00
Daniel Hensby
24a768ae14 Merge branch '3.4' into 3.5 2017-05-26 14:57:15 +01:00
Daniel Hensby
85f0650796 Remove unnecessary nesting of config/injector in tests 2017-05-24 16:05:39 +01:00
Ben Speakman
27bca14f86 Test for getExtension() 2017-05-08 17:22:50 +12:00
Andrew Aitken-Fincham
ad0d68d133 add IPUtils.php to control and implement symfony IpUtils (#6062) 2016-09-26 12:44:55 +13:00
Daniel Hensby
679185514d Merge 3.3 into 3
Conflicts:
	admin/css/screen.css.map
2016-04-26 00:24:59 +01:00
Daniel Hensby
745faebd81 Merge 3.2 into 3.3
Conflicts:
	.travis.yml
2016-04-26 00:17:09 +01:00
Daniel Hensby
a0812f987a Merge 3.1 into 3.2
Conflicts:
	admin/javascript/LeftAndMain.js
	control/HTTPRequest.php
	docs/en/00_Getting_Started/00_Server_Requirements.md
2016-04-26 00:09:33 +01:00
Daniel Hensby
817b836870 FIX getIP from behind a load-balancer that adds many IPs to the header 2016-03-01 21:07:48 +00:00
Sam Minnee
3ee8f505b7 MINOR: Remove trailing whitespace.
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Marcus Nyeholt
fc5e584201 Format for SS3 using tabs instead of spaces 2015-12-08 15:19:24 +11:00
Marcus Nyeholt
f7c270a3ba NEW Use Config for determining Vary header
Existing implementation hardcodes the Vary header; swap to using Config layer
instead

Added test for changing the variable from config
2015-12-02 10:28:24 +11:00
Patrick Nelson
f192a6ecaf FIX #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. 2015-10-09 13:50:33 -04:00
Damian Mooyman
309ac0d196 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	.travis.yml
	admin/code/CMSProfileController.php
	admin/tests/LeftAndMainTest.php
	control/HTTP.php
	security/Permission.php
	tests/forms/FormTest.php
	tests/model/ArrayListTest.php
	tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Daniel Hensby
2d4b743090 FIX Members can access their own profiles in CMS 2015-08-26 15:47:51 +01:00
Loz Calver
99a8a81e9a Fix issues with tests and "subfolder" URLs 2015-08-25 11:49:01 +12:00
Damian Mooyman
1532eeb69e Merge pull request #4459 from kinglozzer/test-path-fixes
Fix issues with tests and "subfolder" URLs
2015-07-31 21:16:46 +12:00
Loz Calver
1aa5d7314c Fix issues with tests and "subfolder" URLs 2015-07-31 09:42:35 +01:00
Loz Calver
20a66136e6 Merge pull request #4403 from tractorcow/pulls/3.2/disable-deprecation
API Disable deprecation notices by default
2015-07-23 14:23:41 +01:00
Damian Mooyman
914d734df0 API Disable deprecation notices by default 2015-07-16 09:56:47 +12:00
Daniel Hensby
33d93c2a31 Fixing issues with HTTP cache control 2015-06-29 22:16:02 +01:00
Damian Mooyman
1d122803cc Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	dev/SapphireTest.php
	docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
	forms/DatetimeField.php
	forms/NullableField.php
	forms/NumericField.php
	forms/gridfield/GridField.php
	tests/control/DirectorTest.php
	tests/model/DataObjectSchemaGenerationTest.php
	tests/model/MySQLDatabaseTest.php
2015-06-19 10:48:07 +12:00
Damian Mooyman
78a3f703f2 Merge pull request #4178 from dhensby/pulls/cookie-name-normalisation
NEW Cookie names with dots are now handled more gracefully
2015-06-15 11:35:39 +12:00
Daniel Hensby
3ee5b24898 Nest and unnest Config and Controller for each test and test suite 2015-06-11 16:37:25 +01:00
Damian Mooyman
8331171f2c Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	.scrutinizer.yml
	admin/javascript/LeftAndMain.Panel.js
	core/startup/ParameterConfirmationToken.php
	dev/Debug.php
	dev/FixtureBlueprint.php
	docs/en/00_Getting_Started/05_Coding_Conventions.md
	docs/en/00_Getting_Started/index.md
	docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
	filesystem/File.php
	filesystem/Folder.php
	forms/FieldList.php
	forms/LabelField.php
	forms/MoneyField.php
	forms/TextField.php
	forms/TreeDropdownField.php
	forms/Validator.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldExportButton.php
	lang/de.yml
	lang/fi.yml
	model/DataObject.php
	model/SQLQuery.php
	parsers/ShortcodeParser.php
	security/ChangePasswordForm.php
	security/Security.php
	tests/control/DirectorTest.php
	tests/core/startup/ParameterConfirmationTokenTest.php
	tests/dev/FixtureBlueprintTest.php
	tests/forms/FieldListTest.php
	tests/forms/MoneyFieldTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Ingo Schommer
dac1b5818b Merge pull request #4217 from tractorcow/pulls/3.1/fix-directortest
BUG Fix DirectorTest failing when run with sake
2015-06-01 17:34:26 +12:00
Damian Mooyman
0a8f328947 Fix merge / test regressions 2015-05-28 16:59:05 +12:00
Damian Mooyman
e0710ae4e4 BUG Fix DirectorTest failing when run with sake 2015-05-22 14:48:35 +12:00
Daniel Hensby
ce5a8f2b41 NEW Cookie names with dots are now handled more gracefully 2015-05-12 10:49:58 +01:00
Damian Mooyman
43f49e8434 Merge remote-tracking branch 'origin/3.1' into 3
Conflicts:
	admin/code/ModelAdmin.php
	control/Director.php
	model/SQLQuery.php
	security/Member.php
	tests/control/HTTPTest.php
	tests/model/SQLQueryTest.php
	tests/security/SecurityTest.php
	tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Daniel Hensby
f568052044 Testing empty absolute urls and more thorough tests 2015-03-13 13:56:14 +00:00
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Stevie Mayhew
41ea83b337 FEATURE: add validation to form field subclasses 2014-11-17 08:17:38 +13:00
Loz Calver
97170dd42d Better tests for SSViewer::flush & Flushable 2014-10-13 09:44:14 +01:00
Damian Mooyman
1e612607aa Suggested improvements / test case fixes 2014-10-10 09:28:11 +13:00
Daniel Hensby
3b9056fc01 NEW Cookie_Backend for managing cookie state
I've decoupled `Cookie` from the actual act of setting and getting
cookies. Currently there are a few limitations to how Cookie works that
this change mitigates:

0. `Cookie` currently changes the super global `$_COOKIE` when setting
to make the state of an application a bit more manageable, but this is
bad because we shouldn't be modifying super globals
0. One can't actually change the `$cookie_class` once the
`Cookie::$inst` has been instantiated
0. One can't test cookies as there is no class that holds the state of
the cookies (it's just held in the super global which is reset as part
of `Director::test()`)
0. One can't tell the origin of a cookie (eg: did the application set it
and it needs to be sent, or did we receive it from the browser?)
0. `time()` was used, so testing was made difficult
0. There was no way to get all the cookies at once (without accessing
the super global)

Todos are on the phpdoc and I'd like to write some tests for the backend
as well as update the docs (if there are any) around cookies.
DOCS Adding `Cookie` docs

Explains basic usage of `Cookie` as well as how the `Cookie_Backend`
controls the setting and getting of cookies and manages state of sent vs
received cookies
Fixing `Cookie` usage

`Cookie` is being used inconsistently with the API throughout framework.
Either by not using `force_expiry` to expire cookies or setting them to
null and then expiring them (which is redundant).
NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param
2014-10-06 17:44:51 +13:00
Sean Harvey
8063b349c8 BUG Fixing Director::test() failing on BASE_URL prefixed URLs
Example: you have a site in a sub-directory off the webroot, you call
->Link() on a SiteTree record, which returns "/[sitedir]/my-page", and
you pass this URL to Director::test(). It's a valid URL, but
Director::test() will throw a 404.

Director::test() should be ensuring that all URLs passed to it are
properly made relative, not just in the case where it thinks the URL
is absolute.
2014-08-22 15:21:53 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Mateusz Uzdowski
8bf3853887 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	docs/en/misc/contributing/issues.md
	docs/en/reference/uploadfield.md
	forms/HtmlEditorField.php
	i18n/i18n.php
	javascript/HtmlEditorField.js
	model/DB.php
	model/Image.php
	model/SQLQuery.php
2014-08-14 09:08:26 +12:00
Damian Mooyman
a89dbd29e1 Revert #3345 #3323 2014-07-31 17:05:57 +12:00